File 0001-Add-support-for-the-NO_CI_FLAG-credentials-option.REVERT of Package gssproxy
From 7150e488e0f7b2a3bbc55f24a8ebd8e0dce4796a Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 3 Mar 2017 16:10:58 -0500
Subject: [PATCH] Add support for the NO_CI_FLAG credentials option
Signed-off-by: Simo Sorce <simo@redhat.com>
Closes #160
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
PR: #163
---
src/gp_export.c | 18 -------------
src/gp_util.c | 14 ++++------
src/mechglue/gpp_creds.c | 64 ++++++++++++++++++-----------------------------
3 files changed, 31 insertions(+), 65 deletions(-)
--- a/src/gp_export.c
+++ b/src/gp_export.c
@@ -389,7 +389,6 @@ done:
}
#define KRB5_SET_ALLOWED_ENCTYPE "krb5_set_allowed_enctype_values"
-#define KRB5_SET_NO_CI_FLAGS "krb5_set_no_ci_flags"
static void gp_set_cred_options(gssx_cred *cred, gss_cred_id_t gss_cred)
{
@@ -397,7 +396,6 @@ static void gp_set_cred_options(gssx_cre
struct gssx_option *op;
uint32_t num_ktypes = 0;
krb5_enctype *ktypes;
- bool no_ci_flags = false;
uint32_t maj, min;
int i, j;
@@ -413,12 +411,6 @@ static void gp_set_cred_options(gssx_cre
num_ktypes = op->value.octet_string_len / sizeof(krb5_enctype);
ktypes = (krb5_enctype *)op->value.octet_string_val;
break;
- } else if ((op->option.octet_string_len ==
- sizeof(KRB5_SET_NO_CI_FLAGS)) &&
- (strncmp(KRB5_SET_NO_CI_FLAGS,
- op->option.octet_string_val,
- op->option.octet_string_len) == 0)) {
- no_ci_flags = true;
}
}
}
@@ -430,16 +422,6 @@ static void gp_set_cred_options(gssx_cre
GPDEBUG("Failed to set allowable enctypes\n");
}
}
-
- if (no_ci_flags) {
- gss_buffer_desc empty_buffer = GSS_C_EMPTY_BUFFER;
- maj = gss_set_cred_option(&min, &gss_cred,
- discard_const(GSS_KRB5_CRED_NO_CI_FLAGS_X),
- &empty_buffer);
- if (maj != GSS_S_COMPLETE) {
- GPDEBUG("Failed to set NO CI Flags\n");
- }
- }
}
uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall,
--- a/src/gp_util.c
+++ b/src/gp_util.c
@@ -160,15 +160,13 @@ uint32_t gp_add_option(gssx_option **opt
memcpy(opt.option.octet_string_val, option, option_len);
opt.option.octet_string_len = option_len;
- if (value_len != 0) {
- opt.value.octet_string_val = malloc(value_len);
- if (!opt.value.octet_string_val) {
- ret = ENOMEM;
- goto done;
- }
- memcpy(opt.value.octet_string_val, value, value_len);
- opt.value.octet_string_len = value_len;
+ opt.value.octet_string_val = malloc(value_len);
+ if (!opt.value.octet_string_val) {
+ ret = ENOMEM;
+ goto done;
}
+ memcpy(opt.value.octet_string_val, value, value_len);
+ opt.value.octet_string_len = value_len;
out = realloc(*options_val, (*options_len + 1) * sizeof(gssx_option));
if (!out) {
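Review bot: The unconditional `malloc(value_len)` on the new side mishandles a zero-length value: malloc(0) may legally return NULL, which this code then reports as ENOMEM, and `memcpy(..., value, 0)` with a NULL `value` is undefined behaviour. Keeping the `if (value_len != 0) {` guard around the allocation and copy, and leaving the value buffer empty otherwise, avoids both. Whether any remaining caller passes an empty value is not visible in this patch. The body of gp_add_option and its `done:` cleanup lie outside the hunk, so confirm that the option name allocated just above is released on this error path.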
--- a/src/mechglue/gpp_creds.c
+++ b/src/mechglue/gpp_creds.c
@@ -561,9 +561,12 @@ static uint32_t gpp_set_opt_allowable_en
struct gpp_allowable_enctypes *ae;
struct gssx_cred_element *ce = NULL;
gss_OID_desc mech;
+ gssx_option *to;
+ gssx_buffer *tb;
+ int i;
/* Find the first element that matches one of the krb related OIDs */
- for (unsigned i = 0; i < cred->elements.elements_len; i++) {
+ for (i = 0; i < cred->elements.elements_len; i++) {
gp_conv_gssx_to_oid(&cred->elements.elements_val[i].mech, &mech);
if (gpp_is_krb5_oid(&mech)) {
ce = &cred->elements.elements_val[i];
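Review bot: Declaring `int i` and comparing it with `cred->elements.elements_len` mixes signed and unsigned operands if that length is an unsigned count, as the previous `unsigned i` suggests. The same variable is later reused as an index into the options array, so declaring it `unsigned int i;` keeps both the loop comparison and the later indexing free of sign conversions under -Wsign-compare. The function starts above this hunk and continues below it.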
@@ -576,51 +579,36 @@ static uint32_t gpp_set_opt_allowable_en
return GSS_S_FAILURE;
}
- ae = (struct gpp_allowable_enctypes *)value->value;
- *min = gp_add_option(&ce->options.options_val,
- &ce->options.options_len,
- KRB5_SET_ALLOWED_ENCTYPE,
- sizeof(KRB5_SET_ALLOWED_ENCTYPE),
- ae->ktypes,
- sizeof(krb5_enctype) * ae->num_ktypes);
- if (*min != 0) {
+ to = realloc(ce->options.options_val,
+ sizeof(gssx_option) * (ce->options.options_len + 1));
+ if (!to) {
+ *min = ENOMEM;
return GSS_S_FAILURE;
}
+ ce->options.options_val = to;
+ i = ce->options.options_len;
- return GSS_S_COMPLETE;
-}
-
-#define KRB5_SET_NO_CI_FLAGS "krb5_set_no_ci_flags"
-
-static uint32_t gpp_set_no_ci_flags(uint32_t *min, gssx_cred *cred,
- const gss_buffer_t value)
-{
- struct gssx_cred_element *ce = NULL;
- gss_OID_desc mech;
-
- /* Find the first element that matches one of the krb related OIDs */
- for (unsigned i = 0; i < cred->elements.elements_len; i++) {
- gp_conv_gssx_to_oid(&cred->elements.elements_val[i].mech, &mech);
- if (gpp_is_krb5_oid(&mech)) {
- ce = &cred->elements.elements_val[i];
- break;
- }
- }
-
- if (!ce) {
- *min = EINVAL;
+ tb = &ce->options.options_val[i].option;
+ tb->octet_string_len = sizeof(KRB5_SET_ALLOWED_ENCTYPE);
+ tb->octet_string_val = strdup(KRB5_SET_ALLOWED_ENCTYPE);
+ if (!tb->octet_string_val) {
+ *min = ENOMEM;
return GSS_S_FAILURE;
}
- *min = gp_add_option(&ce->options.options_val,
- &ce->options.options_len,
- KRB5_SET_NO_CI_FLAGS,
- sizeof(KRB5_SET_NO_CI_FLAGS),
- NULL, 0);
- if (*min != 0) {
+ ae = (struct gpp_allowable_enctypes *)value->value;
+ tb = &ce->options.options_val[i].value;
+ tb->octet_string_len = sizeof(krb5_enctype) * ae->num_ktypes;
+ tb->octet_string_val = malloc(tb->octet_string_len);
+ if (!tb->octet_string_val) {
+ *min = ENOMEM;
return GSS_S_FAILURE;
}
+ memcpy(tb->octet_string_val, ae->ktypes, tb->octet_string_len);
+
+ ce->options.options_len++;
+ *min = 0;
return GSS_S_COMPLETE;
}
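Review bot: When the `malloc` for the value buffer fails, the function returns with the `strdup`'d option name still stored in slot `i`; because `options_len` has not been incremented, that slot is presumably never visited by whatever releases the array, so the name leaks. Freeing it before the return, e.g. `free(ce->options.options_val[i].option.octet_string_val);`, closes that path. Two further checks are worth adding before the copy: nothing visible here verifies that `value->length` covers a `struct gpp_allowable_enctypes` before the cast, and `sizeof(krb5_enctype) * ae->num_ktypes` is neither overflow-checked nor guarded against zero (malloc(0) may return NULL and be reported as ENOMEM). The function begins above this hunk, so an earlier length check may exist out of view.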
@@ -632,8 +620,6 @@ static uint32_t gpp_remote_options(uint3
if (gss_oid_equal(&gpp_allowed_enctypes_oid, desired_object)) {
maj = gpp_set_opt_allowable_entypes(min, cred, value);
- } else if (gss_oid_equal(GSS_KRB5_CRED_NO_CI_FLAGS_X, desired_object)) {
- maj = gpp_set_no_ci_flags(min, cred, value);
}
return maj;